Entropy estimation and decimation for improving the randomness of true random number generation

ABSTRACT

A random number generating system operates to generate an output number bit sequence based on an entropy estimation of a true random number bit sequence, the randomness of the output number bit being an improvement of the randomness of the true random number bit sequence. A physical random number generator communicates the true random number bit sequence to an entropy estimator, which generates an estimation signal indicative of the randomness of the true random number bit sequence. The estimation signal is communicated to a decimator whereby, in accordance with estimation signal, the decimator generates the output number bit as a representation of a decimation of a mixing of the true random number bit sequence and the pseudo random number bit sequence, or as a representation of a decimation of the pseudo random number bit sequence when the pseudo random number bit sequence is generated as a function of the true random number bit sequence.

TECHNICAL FIELD

[0001] The present invention generally relates to physical random numbergenerators (i.e., a device that generates a bit or bits representativeof a number by operating one or more components of the device in anundeterminable manner) and pseudo random number generators (i.e., adevice that inputs a random number bit or bits to generate pseudo randomnumber bit sequence(s) based upon an algorithm). The present inventionspecifically relates to an employment of one or more physical randomnumber generators and one or more pseudo random number generators inyielding an unbiased sequence of random number bits.

BACKGROUND AND SUMMARY OF THE INVENTION

[0002] Physical random number generators as known in the art generate arandom number bit or bits by operating one or more components of thedevice in an undeterminable manner. Conceptually, the undeterminableoperation of the component(s) yields an unbiased random generation ofthe random number bit(s). In practice, the undeterminable operation ofthe component(s) typically yields a biased random generation of therandom number bit(s) due to various tolerances related to the operationof the component(s). Pseudo random number generators as known in the artare employed to rectify the biased random generation of the randomnumber bit(s) to an acceptable degree.

[0003] The present invention additionally employs an entropy estimatorand a decimator to further improve upon the randomness of a true randomnumber bit sequence. Various aspects of the present invention are novel,non-obvious, and provide various advantages. While the actual nature ofthe present invention covered herein can only be determined withreference to the claims appended hereto, certain features, which arecharacteristic of the embodiments disclosed herein, are describedbriefly as follows.

[0004] The present invention is a random number generation systemcomprising a physical random number generator a pseudo random numbergenerator, an entropy estimator, and a decimator. The physical randomnumber generator operates to generate one or more true random number bitsequences. The pseudo random number generator operates to generate oneor more pseudo random number bit sequences. The entropy estimatoroperates to generate one or more estimation signals as an indication ofa randomness of the true random number bit sequence(s). In one form, thedecimator operates to generate one or more output number bit sequencesrepresentative of a decimation of a mixing of the one or more truerandom number bit sequences and the one or more pseudo number bits inaccordance with the one or more estimation signal(s). In a second form,the pseudo random number bit sequence(s) are generated as a function ofthe true random number bit sequence(s) and the output number bitsequences(s) are a representation of a decimation of the pseudo randomnumber bit sequence(s) in accordance with the estimation signal(s).

[0005] The foregoing forms as well as other forms, features andadvantages of the present invention will become further apparent fromthe following detailed description of the presently preferredembodiments, read in conjunction with the accompanying drawings. Thedetailed description and drawings are merely illustrative of the presentinvention rather than limiting, the scope of the present invention beingdefined by the appended claims and equivalents thereof.

BRIEF DESCRIPTION OF THE DRAWINGS

[0006]FIG. 1 illustrates a block diagram of a basic embodiment of arandom number generation system in accordance with the presentinvention;

[0007]FIG. 2 illustrates a block diagram of a first embodiment of theFIG. 1 random number generation system in accordance with the presentinvention;

[0008]FIG. 3 illustrates a block diagram of a second embodiment of theFIG. 1 random number generation system in accordance with the presentinvention; and

[0009]FIG. 4 illustrates a block diagram of a third embodiment of theFIG. 1 random number generation system in accordance with the presentinvention.

DETAILED DESCRIPTION OF THE PRESENT INVENTION

[0010]FIG. 1 illustrates a random number generation system 10(hereinafter “system 10”) comprising a physical random number generator20 (hereinafter “PHNG 20”), a pseudo random number generator 30(hereinafter “PSNG 30”), an entropy estimator 40, and a decimator 50.The PHNG 20 is in communication with the entropy estimator 40 to therebyprovide one or more true random number bit sequences TRNB₁-TRNB_(X) tothe entropy estimator 40. The PHNG 20 can also be in communication withthe decimator 50 to thereby provide the true random number bit sequencesTRNB₁-TRNB_(X) to the decimator 50. The entropy estimator 40 is incommunication with the decimator 50 to thereby provide one or moreestimation signals ES₁-ES_(Y) to the decimator 50. The PSNG 30 is incommunication with the decimator 50 to thereby provide one or morepseudo random number bit sequences PRNB₁-PRNB_(Z) to the decimator 50.The PSNG 30 can be in communication with the PHNG 20 as illustratedwhereby one or more of the pseudo random number bit sequencesPRNB₁-PRNB_(Z) are generated as a function of one or more of the truerandom number bit sequences TRNB₁-TRNB_(X). In accordance with theestimation signal(s) ES₁-ES_(Y), the decimator 50 generates one or moreoutput number bit sequences ONB₁-ONB_(A) representative of a decimationof a mixing of the true random number bit sequence(s) TRNB₁-TRNB_(X) andthe pseudo random number bit sequence(s) PRNB₁-PRNB_(Z) orrepresentative of a decimation of the pseudo random number bitsequence(s) PRNB₁-PRNB_(Z).

[0011] The number of configurations of the PHNG 20, the PSNG 30, theentropy estimator 40, and the decimator 50 is without limit.Additionally, the aforementioned communications among the PHNG 20, thePSNG 30, the entropy estimator 40, and the decimator 50 can be achievedin numerous ways (e.g., electrically, optically, acoustically, and/ormagnetically). The number of embodiments of the system 10 is thereforeessentially limitless. FIGS. 2-4 illustrate exemplary embodiments of thesystem 10.

[0012]FIG. 2 illustrates a random number generation system 11(hereinafter “system 11”) as one embodiment of system 10 (FIG. 1). Thesystem 11 includes a physical random number generator 21 (hereinafter“PHNG 21”) for generating a true random number bit sequence TRNB₁ (X=1),and a pseudo random number generator 24 (hereinafter “PSNG 31”) forgenerating a pseudo random number bit sequence PRNB₁ (Z=1). The PHNG 21and the PSNG 31 may be in embodied in software, hardware, or acombination of software and hardware. In one embodiment of the PHNG 21,the PHNG 21 is configured in accordance with a U.S. patent applicationSer. No. [FILL IN} entitled “Latching Electronic Circuit For RandomNumber Generation”, the entirety of which is hereby incorporated byreference and commonly owned by the assignee. In a second embodiment ofthe PHNG 21, the PHNG 21 is configured in accordance with a U.S. patentapplication Ser. No. [FILL IN} entitled “Switching Electronic CircuitFor Random Number Generation”, the entirety of which is herebyincorporated by reference and commonly owned by the assignee. In oneembodiment of the PSNG 24, the PSNG 24 is configured in accordance witha U.S. patent application Ser. No. [FILL IN} entitled “Linear FeedbackShift Register For Improving A Randomness Of A Physical Random NumberGenerator”, the entirety of which is hereby incorporated by referenceand commonly owned by the assignee. With this embodiment, the truerandom number bit sequence TRNB₁ can be communicated to the PSNG 31 bythe PHNG 21 whereby the pseudo random number bit sequence PRNB₁ is afunction of the true random number bit sequence TRNB₁.

[0013] The system 11 further includes an entropy estimator 41 forgenerating an estimation signal ES₁ (Y=1) as a function of the truerandom number bit sequence TRNB₁. The entropy estimator 41 can beembodied in software, hardware, or a combination of software andhardware. In one embodiment, the entropy estimator 41 employs aconventional method of measuring a largest randomness error in thegeneration of the true random number bit sequence TRNB₁ as would occurto one having skill in the art. The accuracy of the estimation signalES₁ can be enhanced with a running averaging or an exponential averagingof the measurements. When security is a high priority, the entropyestimator 41 can further employ one or more conventional randomness testalgorithms and/or one or more conventional attack detectors.

[0014] The system 11 further includes a decimator 51 having a logiccomponent in the form of an XOR gate 53 that receives the true randomnumber bit sequence TRNB₁ and the pseudo random number bit PRNB₁.Alternatively, other logic components consisting of one or more logiccircuits can be utilized in lieu of XOR gate 53. The decimator 51further includes a counter 54. The output of the XOR gate iscommunicated to a data input DI of the counter 54, and the estimationsignal ES₁ is communicated to a selection input SI of the counter 54. Inaccordance with the estimation signal ES₁, the counter 54 generates anoutput number bit sequence ONB₁ (A=1) as a representation of adecimation of a mixing of the true random number bit sequence TRNB₁ andthe pseudo random number bit sequence PRNB₁.

[0015] Preferably, the PSNG 21, the PHNG 31, the entropy estimator 41,and the counter 54 are synchronously operated by a clock signal CS asillustrated in FIG. 2. Alternatively, one or more of the PSNG 21, thePHNG 31, the entropy estimator 41, and the counter 54 can besynchronously operated in a different manner and/or asynchronouslyoperated.

[0016]FIG. 3 illustrates a random number generation system 12(hereinafter “system 12”) as one embodiment of system 10 (FIG. 1). Thesystem 12 includes the PSNG 21, the PHNG 31, and the entropy estimator41 as previously described herein in connection with FIG. 2. To enhancethe mixing of the true random number bit sequence TRNB₁ and the pseudorandom number bit sequence PRNB₁, the system 12 further includes adecimator 52 including the XOR gate 53, the counter 54, and a bi-stablelatch in the form of a D-type flip-flop 55. The flip-flop 55 has a clockinput receiving the true random number bit sequence TRNB₁ and aninverted output Q providing a latched random number bit LRNB to a datainput D of the flip-flop 55 and an input of the XOR gate 53.Alternatively, other types of bi-stable latches may be utilized in lieuof the flip-flop 55.

[0017]FIG. 4 illustrates a random number generation system 13(hereinafter “system 13”) as one embodiment of system 10 (FIG. 1). Thesystem 13 includes the PSNG 21, the entropy estimator 41, and thecounter 54 as previously described herein in connection with FIG. 2. Forsystem 13, a PHNG 32 generates the pseudo random number bit sequencePRNB₁ as a function of the true random number bit sequence TRNB₁ andcommunicates the pseudo random number bit sequence PRNB₁ to the datainput DI of the counter 54. In response thereto, the counter 54generates the output number bit sequence ONB₁ (A=1) as a representationof a decimation of the pseudo random number bit sequence PRNB₁ inaccordance with the estimation signal ES₁.

[0018] While the embodiments of the present invention disclosed hereinare presently considered to be preferred, various changes andmodifications can be made without departing from the spirit and scope ofthe present invention. The scope of the present invention is indicatedin the appended claims, and all changes that come within the meaning andrange of equivalents are intended to be embraced therein.

What is claimed is:
 1. A random number generating system, comprising: aphysical random number generator operable to generate one or more truerandom number bit sequences; a pseudo random number generator operableto generate one or more pseudo random number bit sequences; an entropyestimator operable to generate one or more estimation signals indicativeof a randomness of the one or more true random number bit sequences; anda decimator operable to generate one or more output number bit sequencesrepresentative of a decimation of a mixing of the one or more truerandom number bit sequences and the one or more pseudo random number bitsequences in accordance with the one or more estimation signal(s). 2.The random number generating system of claim 1, wherein said pseudorandom number generator generates the one or more pseudo random numberbit sequences as a function of the one or more true random number bitsequences.
 3. A random number generating system, comprising: a physicalrandom number generator operable to generate one or more true randomnumber bit sequences; a pseudo random number generator operable togenerate one or more pseudo random number bit sequences; an entropyestimator operable to generate one or more estimation signals indicativeof a randomness of the one or more true random number bit sequences; anda decimator operable to generate one or more output number bit sequencesas a representation of a decimation of the one or more of the pseudorandom number bit sequences in accordance with the one or moreestimation signal(s).
 4. The random number generating system of claim 3,wherein said pseudo random number generator generates the one or morepseudo random number bit sequences as a function of the one or more truerandom number bit sequences.
 5. A random number generating system,comprising: a physical random number generator operable to generate atrue random number bit sequence; a pseudo random number generatoroperable to generate a pseudo random number bit sequence; an entropyestimator operable to generate an estimation signal indicative of arandomness of the true random number bit sequence; and a decimatoroperable to generate an output number bit sequence as a representationof decimation of a mixing of the true random number bit sequence and thepseudo number bit sequence in accordance with the estimation signal. 6.The random number generating system of claim 5, wherein said decimatorincludes a logic component operable to input the true random number bitsequence and the pseudo random number bit sequence.
 7. The random numbergenerating system of claim 6, wherein said decimator includes a counteroperable to input an output of said logic component.
 8. The randomnumber generating system of claim 6, wherein said decimator includes acounter operable to input the estimation signal and an output of saidlogic component.
 9. The random number generating system of claim 5,wherein said decimator includes a bi-stable latch operable to input thetrue random number bit sequence, and a logic component operable to inputthe pseudo random number bit sequence and an output of said bi-stablelatch.
 10. The random number generating system of claim 9, wherein saiddecimator includes a counter operable to input an output of said logiccomponent.
 11. The random number generating system of claim 9, whereinsaid decimator includes a counter operable to input the estimationsignal and an output of said logic component.
 12. The random numbergenerating system of claim 5, wherein said pseudo random numbergenerator generates the pseudo random number bit sequence as a functionof the true random number bit sequence.
 13. A random number generatingsystem, comprising: a physical random number generator operable togenerate a true random number bit sequence; a pseudo random numbergenerator operable to generate a pseudo random number bit sequence; anentropy estimator operable to generate an estimation signal indicativeof a randomness of the true random number bit sequence; and a decimatoroperable to generate an output number bit sequence as a representationof a decimation of the pseudo random number bit sequence in accordancewith the estimation signal.
 14. The random number generating system ofclaim 13, wherein said decimator includes a counter operable to inputthe pseudo random number bit sequence and the estimation signal.
 15. Therandom number generating system of claim 13, wherein said pseudo randomnumber generates the pseudo random number bit sequence as a function ofthe true random number bit sequence.